Score: 5.8
Risk level: High

SHA256: da7e4f326f4123632bae5f5f99c3b940e638fafa12bd71c5603089b9b599fbec

File name: ce18fdc0c868f4680dce90cc8cf2f466.exe

Analysis duration: 21s

Last analysis:

File size: 767.5 KB
Static detection: flagged. Dynamic detection: flagged.
Detection tags: 100% AI SCORE=86 ALI2000015 APIW ATTRIBUTE AUTO AUTOIT BLOCKER CEEINJECT CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS DOWNLOADER34 EMTN HIGH CONFIDENCE HIGHCONFIDENCE HPDFEO IGENERIC KRYPTIK LCUO MODERATE NANOCORE QUASAR SCORE SUSPICIOUS PE TROJAN3 TSCOPE UDSQA UNSAFE USXVPGS20 VGW@AMKBV7EI X2091 ZELPHIF ZUSY
Hawkeye engine: no detection (the Hawkeye engine produced no result for this sample)
Static verdict

Antivirus engines

Engine       Result                                Scan date  Engine version
McAfee       RDN/Generic.grp                       20200806   6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015    20190527   0.3.0.5
Baidu        (no result)                           20190318   1.0.0.2
Avast        Win32:Trojan-gen                      20200806   18.4.3895.0
Tencent      Win32.Trojan.Inject.Auto              20200806   1.0.0.1
Kingsoft     (no result)                           20200806   2013.8.14.323
CrowdStrike  win/malicious_confidence_100% (W)     20190702   1.0
Static indicators

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
Note: CODE, DATA and BSS are the section names that Borland/Delphi linkers emit by default, so this indicator fires on any Delphi binary and adds nothing on its own; it is consistent with the BobSoft Mini Delphi signature below rather than evidence of a separate packer.
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)

Time: 1619910853.80071   Event: __exception__   Status: success   Return: 0   Repeated: 0
Stack trace (innermost frame first):
RtlFlsAlloc+0x421 EtwNotificationRegister-0x6ae ntdll+0x3ee84 @ 0x77d6ee84
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x77d6c389
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752ad4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
ce18fdc0c868f4680dce90cc8cf2f466+0x543f8 @ 0x4543f8
_CorValidateImage+0x83f _CorExeMain-0x2cc mscoree+0x4b0f @ 0x75174b0f
_CorExeMain+0xf62 CreateConfigStream-0x209a mscoree+0x5d3d @ 0x75175d3d
0x57005c

Registers: esp 1633872 (0x0018ee50), ebp 1633912 (0x0018ee78), esi 1634116 (0x0018ef44), edx 582600 (0x0008e3c8), ecx 176 (0xb0), eax 0, ebx 0, edi 0
Exception: code 0xc0000005 (STATUS_ACCESS_VIOLATION), address 0xff4814ad, symbol: (none)

Note: the New_ntdll_LdrLoadDll@16 frame is the sandbox monitor's own hook on LdrLoadDll, not part of the sample. Below it the stack passes through mscoree!_CorExeMain (the CLR shim entry point used by managed executables) and an address inside the sample's image (+0x543f8) into LoadLibraryExW/LdrLoadDll; the faulting address 0xff4814ad lies in no module named in the trace. mscoree being on the stack at all is consistent with the injected image being a .NET executable, as the NanoCore and Quasar labels from ClamAV and Malwarebytes further down suggest (both are .NET RATs). The record does not say which of the two processes faulted.
Behavioural verdict

Dynamic indicators

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (28 events)
All 28 calls succeeded (Return 0, Repeated 0) with process_handle 0xffffffff (the calling process itself), protection 64 (PAGE_EXECUTE_READWRITE), stack_dep_bypass 0 and stack_pivoted 0. PID 2424 is the original sample; PID 1564 is the child it creates later in this report. Size is region_size for NtAllocateVirtualMemory and length for NtProtectVirtualMemory.

Time                API                      PID   Base address  Size     Allocation type                 heap_dep_bypass
1619910852.304315   NtAllocateVirtualMemory  2424  0x003f0000    4096     4096 (MEM_COMMIT)               0
1619910852.554315   NtAllocateVirtualMemory  2424  0x004f0000    81920    12288 (MEM_COMMIT|MEM_RESERVE)  0
1619910852.554315   NtAllocateVirtualMemory  2424  0x00520000    4096     12288 (MEM_COMMIT|MEM_RESERVE)  0
1619910853.42571    NtProtectVirtualMemory   1564  0x00400000    4096     -                               0
1619910853.47271    NtAllocateVirtualMemory  1564  0x01f30000    1310720  8192 (MEM_RESERVE)              0
1619910853.47271    NtAllocateVirtualMemory  1564  0x02030000    4096     4096 (MEM_COMMIT)               1
1619910853.47271    NtAllocateVirtualMemory  1564  0x00610000    311296   12288 (MEM_COMMIT|MEM_RESERVE)  0
1619910853.47271    NtProtectVirtualMemory   1564  0x00612000    282624   -                               1
1619910853.76871    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.76871    NtProtectVirtualMemory   1564  0x76351000    4096     -                               0
1619910853.76871    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.76871    NtProtectVirtualMemory   1564  0x76353000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x76354000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x76351000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x77d4f000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x76353000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x76351000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x76351000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x76354000    4096     -                               0
1619910853.78471    NtProtectVirtualMemory   1564  0x01f22000    4096     -                               1
1619910853.78471    NtProtectVirtualMemory   1564  0x76351000    4096     -                               0

Reading the sequence: the first three RWX allocations happen in the parent (2424) before it creates the child at 1619910853.101315 (see the injection events below). The 0x00400000 change in 1564 is the header page of the image that the parent mapped into the child. From 1619910853.76871 the child alternates between a heap page at 0x01f22000 (heap_dep_bypass 1 marks the region as heap memory) and single pages inside loaded system DLLs; 0x77d4f000 lies in ntdll, whose base is 0x77d30000 by the ntdll+0x3ee84 @ 0x77d6ee84 frame in the crash trace. Making code pages of loaded DLLs writable one page at a time is how inline API hooks are installed, but the report does not show what was written to them.
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.285921225570385 section .rsrc (size_of_data 0x00048c00, virtual_address 0x0007d000, virtual_size 0x00048b80) description A section with a high entropy has been found
entropy 0.3796477495107632 description Overall entropy of this PE file is high
Note: the second figure is not an entropy value but the share of the PE's section data that lies in high-entropy sections (the 0x48c00 = 297,984 bytes of .rsrc out of a 767.5 KB file); the signature flags it because it exceeds the signature's threshold. A payload carried in the resource section rather than in a code section fits both the .rsrc hit and the Delphi packer signature above.
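How the two numbers above are produced, as an added example that is not the sandbox's own signature code. Only .rsrc's size_of_data (0x48c00) comes from the report; the other section is a constructed stand-in whose size is chosen so that the total section data (784,896 bytes) reproduces the reported 0.3796 share. The per-section threshold (6.8 bits per byte) and the minimum share (0.2) are assumptions, not values the report states.

```python
"""Section entropy and the 'overall entropy' share behind the packer indicator.
Added example, not the sandbox's signature code. SECTIONS is a constructed
layout: only .rsrc's size is taken from the report."""
import math
import random

HIGH_ENTROPY = 6.8   # assumed per-section threshold (bits per byte; 8.0 is the maximum)
MIN_RATIO = 0.2      # assumed minimum share of section data in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packer_entropy(sections):
    """sections: list of (name, raw_bytes).
    Returns ([(name, entropy) for high-entropy sections],
             share of all section data that is high-entropy,
             whether the 'overall entropy of this PE file is high' rule fires)."""
    total = sum(len(data) for _, data in sections)
    high = 0
    hits = []
    for name, data in sections:
        e = shannon_entropy(data)
        if e > HIGH_ENTROPY:
            high += len(data)
            hits.append((name, e))
    ratio = high / total if total else 0.0
    return hits, ratio, ratio > MIN_RATIO


# Constructed PE section layout (see docstring); the seed only makes it repeatable.
_rng = random.Random(0x2A425E19)
SECTIONS = [
    # 16-symbol alphabet repeated: exactly 4.0 bits/byte, well under the threshold
    ("CODE", bytes(range(16)) * (0x76E00 // 16)),
    # uniformly random bytes, ~8.0 bits/byte, which is what packed/encrypted data looks like
    (".rsrc", bytes(_rng.getrandbits(8) for _ in range(0x48C00))),
]


def report():
    """Run both checks over SECTIONS and return their results."""
    hits, ratio, flagged = packer_entropy(SECTIONS)
    for name, e in hits:
        print(f"high-entropy section {name}: {e:.3f} bits/byte")
    print(f"share of section data that is high-entropy: {ratio:.16f} -> flagged={flagged}")
    return hits, ratio, flagged


if __name__ == "__main__":
    report()
```

The share comes out as 297984 / 784896 = 0.3796477495107632, matching the report to the last digit, which is how you can tell the sandbox computes it from size_of_data rather than from virtual_size or file size.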
Network communication

Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Note: the traffic tables at the end of this report record no TCP connections and no HTTP requests, so this indicator rests on an address the sample tried to reach without resolving a name; no completed session to it was captured.
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection: process 2424 called NtSetContextThread to modify a thread in remote process 1564

Time: 1619910853.194315   API: NtSetContextThread   Status: success   Return: 0   Repeated: 0
  thread_handle: 0x000000f8   process_identifier: 1564
  registers.eax: 4859280 (0x004a2590)   registers.ebx: 2130567168 (0x7efde000)
  registers.eip, esp, edi, ebp, edx, esi, ecx: 0

Note: only eax and ebx carry values. For the primary thread of a process created suspended on 32-bit Windows, eax holds the entry point the loader will jump to and ebx the PEB address; 0x004a2590 falls inside the 671,744-byte view mapped at 0x00400000 below (which ends at 0x004a4000), so execution is redirected into the injected image without eip ever being touched.

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection: process 2424 resumed a thread in remote process 1564

Time: 1619910853.429315   API: NtResumeThread   Status: success   Return: 0   Repeated: 0
  thread_handle: 0x000000f8   suspend_count: 1   process_identifier: 1564

Executed a process and injected code into it, probably while unpacking (6 events)
The six calls below, all made by 2424 against 1564, are the process-hollowing sequence: start a suspended copy of itself, unmap its image, map a replacement image at the same base, point the primary thread at the new entry point and resume it.

1. Time: 1619910853.101315   API: CreateProcessInternalW   Status: success   Return: 1   Repeated: 0
   command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ce18fdc0c868f4680dce90cc8cf2f466.exe"
   creation_flags: 4 (CREATE_SUSPENDED)   process_identifier: 1564   thread_identifier: 2316
   process_handle: 0x000000fc   thread_handle: 0x000000f8   inherit_handles: 0   track: 1   stack_pivoted: 0
   current_directory, filepath, filepath_r: (empty)
2. Time: 1619910853.101315   API: NtUnmapViewOfSection   Status: success   Return: 0   Repeated: 0
   process_handle: 0x000000fc   process_identifier: 1564   base_address: 0x00400000   region_size: 4096
3. Time: 1619910853.101315   API: NtMapViewOfSection   Status: success   Return: 0   Repeated: 0
   section_handle: 0x00000104   process_handle: 0x000000fc   process_identifier: 1564
   base_address: 0x00400000   view_size: 671744   commit_size: 671744   section_offset: 0
   win32_protect: 64 (PAGE_EXECUTE_READWRITE)   allocation_type: 0 ()   buffer: (empty)
4. Time: 1619910853.194315   API: NtGetContextThread   Status: success   Return: 0   Repeated: 0
   thread_handle: 0x000000f8
5. Time: 1619910853.194315   API: NtSetContextThread   Status: success   Return: 0   Repeated: 0
   thread_handle: 0x000000f8   process_identifier: 1564
   registers.eax: 4859280 (0x004a2590)   registers.ebx: 2130567168 (0x7efde000)   other registers: 0
6. Time: 1619910853.429315   API: NtResumeThread   Status: success   Return: 0   Repeated: 0
   thread_handle: 0x000000f8   suspend_count: 1   process_identifier: 1564

Note: the replacement image arrives through NtMapViewOfSection of a section object, not through WriteProcessMemory, so detections keyed only on WriteProcessMemory into a suspended child miss this variant. The durable signal is the unmap of the original image at 0x00400000 followed by a map at the same base with PAGE_EXECUTE_READWRITE, then a context change and resume of the same thread handle (0x000000f8).
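Detection logic for the injection chain and the RWX indicator above, run over a Cuckoo-style API call log, as an added example that is not code from the sandbox platform. The call records are constructed from the values in this report (injector PID 2424, hollowed child PID 1564) in the order the report lists them, plus one constructed PAGE_READWRITE allocation at a made-up address to show that the RWX rule ignores ordinary buffers; argument names follow the report's field names. It generalises beyond this sample by also accepting NtWriteVirtualMemory as the image-delivery step.

```python
"""Hollowing-chain and RWX detection over a Cuckoo-style API call log.
Added example, not sandbox code. CALLS is constructed from the report's
values; the 0x00530000 PAGE_READWRITE allocation is invented as a negative case."""
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40
CREATE_SUSPENDED = 0x4
MEMORY_APIS = ("NtAllocateVirtualMemory", "NtProtectVirtualMemory", "NtMapViewOfSection")

# Constructed call log: one dict per call, with the caller pid, api and arguments.
CALLS = [
    {"pid": 2424, "api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 2424, "base_address": 0x003F0000,
              "region_size": 4096, "protection": 0x40}},
    {"pid": 2424, "api": "NtAllocateVirtualMemory",   # invented benign RW buffer, must not fire
     "args": {"process_identifier": 2424, "base_address": 0x00530000,
              "region_size": 4096, "protection": 0x04}},
    {"pid": 2424, "api": "CreateProcessInternalW",
     "args": {"process_identifier": 1564, "thread_handle": 0xF8,
              "creation_flags": CREATE_SUSPENDED}},
    {"pid": 2424, "api": "NtUnmapViewOfSection",
     "args": {"process_identifier": 1564, "base_address": 0x00400000}},
    {"pid": 2424, "api": "NtMapViewOfSection",
     "args": {"process_identifier": 1564, "base_address": 0x00400000,
              "view_size": 671744, "win32_protect": 0x40}},
    {"pid": 2424, "api": "NtGetContextThread", "args": {"thread_handle": 0xF8}},
    {"pid": 2424, "api": "NtSetContextThread",
     "args": {"process_identifier": 1564, "thread_handle": 0xF8,
              "registers.eip": 0, "registers.eax": 4859280, "registers.ebx": 2130567168}},
    {"pid": 2424, "api": "NtResumeThread",
     "args": {"process_identifier": 1564, "thread_handle": 0xF8, "suspend_count": 1}},
    {"pid": 1564, "api": "NtProtectVirtualMemory",
     "args": {"process_identifier": 1564, "base_address": 0x00400000,
              "length": 4096, "protection": 0x40}},
]


def rwx_events(calls):
    """Every allocation, protection change or section map that ends up RWX."""
    hits = []
    for c in calls:
        a = c["args"]
        prot = a.get("protection", a.get("win32_protect"))
        if c["api"] in MEMORY_APIS and prot == PAGE_EXECUTE_READWRITE:
            hits.append((c["pid"], c["api"], a["process_identifier"], a["base_address"]))
    return hits


def detect_hollowing(calls):
    """target pid -> finding, for each child created suspended by a caller that then
    unmapped its image, delivered a new one (section map or memory write), changed
    the primary thread's context and resumed it."""
    creator = {}               # target pid -> pid that created it suspended
    stages = defaultdict(set)  # target pid -> injection APIs seen from the creator
    image = {}                 # target pid -> (base, size) of the replacement image
    new_eax = {}               # target pid -> eax written by NtSetContextThread
    findings = {}
    for c in calls:
        api, a = c["api"], c["args"]
        target = a.get("process_identifier")
        if api.startswith("CreateProcess") and a.get("creation_flags", 0) & CREATE_SUSPENDED:
            creator[target] = c["pid"]
            continue
        # only cross-process calls from the creator into its suspended child matter
        if target not in creator or creator[target] != c["pid"]:
            continue
        stages[target].add(api)
        if api == "NtMapViewOfSection":
            image[target] = (a["base_address"], a["view_size"])
        elif api == "NtWriteVirtualMemory":
            image.setdefault(target, (a["base_address"], a.get("buffer_length", 0)))
        elif api == "NtSetContextThread":
            new_eax[target] = a.get("registers.eax")
        elif api == "NtResumeThread":
            seen = stages[target]
            replaced = bool({"NtMapViewOfSection", "NtWriteVirtualMemory"} & seen)
            if "NtUnmapViewOfSection" in seen and "NtSetContextThread" in seen and replaced:
                base, size = image.get(target, (0, 0))
                eax = new_eax.get(target)
                findings[target] = {
                    "injector": c["pid"],
                    "stages": sorted(seen),
                    "entry_point": eax,
                    # for a suspended process's first thread on 32-bit Windows, EAX is the
                    # entry point the loader jumps to, so it should fall inside the new image
                    "entry_in_new_image": eax is not None and base <= eax < base + size,
                }
    return findings


if __name__ == "__main__":
    for pid, api, target, base in rwx_events(CALLS):
        print(f"RWX: pid {pid} {api} -> pid {target} @ {base:#010x}")
    for target, f in detect_hollowing(CALLS).items():
        print(f"hollowing: {f['injector']} -> {target}, entry {f['entry_point']:#010x}, "
              f"inside new image: {f['entry_in_new_image']}")
```

The creator check is what keeps the rule precise: a child that is merely created suspended and resumed (debuggers and installers do this) never reaches the finding, and the child's own later RWX changes are reported by rwx_events but not mistaken for injection.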
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 of 61 events shown)

Engine  Result
MicroWorld-eScan Gen:Variant.Zusy.310100
FireEye Generic.mg.ce18fdc0c868f468
CAT-QuickHeal Trojan.IGENERIC
McAfee RDN/Generic.grp
Cylance Unsafe
Zillya Trojan.Injector.Win32.754948
Sangfor Malware
K7AntiVirus Trojan ( 0056b5241 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056b5241 )
Cybereason malicious.a9ed11
TrendMicro PUA.Win32.Blocker.USXVPGS20
F-Prot W32/Trojan3.APIW
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.Nanocore-9142740-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Gen:Variant.Zusy.310100
NANO-Antivirus Trojan.Win32.Kryptik.hpdfeo
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Tencent Win32.Trojan.Inject.Auto
Endgame malicious (high confidence)
Sophos Mal/Generic-S
F-Secure Trojan.TR/Injector.udsqa
DrWeb Trojan.DownLoader34.9756
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
Trapmine malicious.moderate.ml.score
Emsisoft Gen:Variant.Zusy.310100 (B)
SentinelOne DFI - Suspicious PE
Cyren W32/Trojan.LCUO-5348
Jiangmin Trojan.Kryptik.byk
Avira TR/Injector.udsqa
Antiy-AVL Trojan/Win32.Kryptik
Microsoft VirTool:Win32/CeeInject.JJ!rfn
Arcabit Trojan.Zusy.D4BB54
ViRobot Trojan.Win32.Z.Zusy.785920.D
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Gen:Variant.Zusy.310100
Cynet Malicious (score: 85)
AhnLab-V3 Suspicious/Win.Delphiless.X2091
Acronis suspicious
VBA32 TScope.Trojan.Delf
ALYac Gen:Variant.Zusy.310100
MAX malware (ai score=86)
Ad-Aware Gen:Variant.Zusy.310100
Malwarebytes Backdoor.Quasar
Zoner Trojan.Win32.91603
Visual analysis: no binary visualisation image and no runtime screenshots were generated for this sample.

PE Compile Time

1992-06-20 06:22:17
Note: this is the fixed timestamp (0x2A425E19, 1992-06-19 22:22:17 UTC, rendered here in UTC+8) that older Delphi compilers write into every PE they build, not the real build date. It corroborates the Delphi section names and the BobSoft Mini Delphi signature in the static indicators.

Imports (IAT slot -> imported function)

Note: none of the APIs used in the injection chain above (CreateProcess*, NtUnmapViewOfSection, NtMapViewOfSection, NtSetContextThread, NtResumeThread) appear in the static import table; GetProcAddress, LoadLibraryA and LoadLibraryExA do, so the injector resolves them at run time and static import analysis sees only a Delphi GUI application. The repeated kernel32.dll and advapi32.dll blocks are separate import descriptors, a pattern typical of Delphi binaries.

Library kernel32.dll:
0x47113c VirtualFree
0x471140 VirtualAlloc
0x471144 LocalFree
0x471148 LocalAlloc
0x47114c GetVersion
0x471150 GetCurrentThreadId
0x47115c VirtualQuery
0x471160 WideCharToMultiByte
0x471164 MultiByteToWideChar
0x471168 lstrlenA
0x47116c lstrcpynA
0x471170 LoadLibraryExA
0x471174 GetThreadLocale
0x471178 GetStartupInfoA
0x47117c GetProcAddress
0x471180 GetModuleHandleA
0x471184 GetModuleFileNameA
0x471188 GetLocaleInfoA
0x47118c GetCommandLineA
0x471190 FreeLibrary
0x471194 FindFirstFileA
0x471198 FindClose
0x47119c ExitProcess
0x4711a0 WriteFile
0x4711a8 RtlUnwind
0x4711ac RaiseException
0x4711b0 GetStdHandle
Library user32.dll:
0x4711b8 GetKeyboardType
0x4711bc LoadStringA
0x4711c0 MessageBoxA
0x4711c4 CharNextA
Library advapi32.dll:
0x4711cc RegQueryValueExA
0x4711d0 RegOpenKeyExA
0x4711d4 RegCloseKey
Library oleaut32.dll:
0x4711dc SysFreeString
0x4711e0 SysReAllocStringLen
0x4711e4 SysAllocStringLen
Library kernel32.dll:
0x4711ec TlsSetValue
0x4711f0 TlsGetValue
0x4711f4 LocalAlloc
0x4711f8 GetModuleHandleA
Library advapi32.dll:
0x471200 RegQueryValueExA
0x471204 RegOpenKeyExA
0x471208 RegCloseKey
Library kernel32.dll:
0x471210 lstrcpyA
0x471214 WriteFile
0x471218 WaitForSingleObject
0x47121c VirtualQuery
0x471220 VirtualAlloc
0x471224 Sleep
0x471228 SizeofResource
0x47122c SetThreadLocale
0x471230 SetFilePointer
0x471234 SetEvent
0x471238 SetErrorMode
0x47123c SetEndOfFile
0x471240 ResetEvent
0x471244 ReadFile
0x471248 MulDiv
0x47124c LockResource
0x471250 LoadResource
0x471254 LoadLibraryA
0x471260 GlobalUnlock
0x471264 GlobalReAlloc
0x471268 GlobalHandle
0x47126c GlobalLock
0x471270 GlobalFree
0x471274 GlobalFindAtomA
0x471278 GlobalDeleteAtom
0x47127c GlobalAlloc
0x471280 GlobalAddAtomA
0x471284 GetVersionExA
0x471288 GetVersion
0x47128c GetTickCount
0x471290 GetThreadLocale
0x471294 GetSystemInfo
0x471298 GetStringTypeExA
0x47129c GetStdHandle
0x4712a0 GetProcAddress
0x4712a4 GetModuleHandleA
0x4712a8 GetModuleFileNameA
0x4712ac GetLocaleInfoA
0x4712b0 GetLocalTime
0x4712b4 GetLastError
0x4712b8 GetFullPathNameA
0x4712bc GetDiskFreeSpaceA
0x4712c0 GetDateFormatA
0x4712c4 GetCurrentThreadId
0x4712c8 GetCurrentProcessId
0x4712cc GetCPInfo
0x4712d0 GetACP
0x4712d4 FreeResource
0x4712d8 InterlockedExchange
0x4712dc FreeLibrary
0x4712e0 FormatMessageA
0x4712e4 FindResourceA
0x4712e8 EnumCalendarInfoA
0x4712f4 CreateThread
0x4712f8 CreateFileA
0x4712fc CreateEventA
0x471300 CompareStringA
0x471304 CloseHandle
Library version.dll:
0x47130c VerQueryValueA
0x471314 GetFileVersionInfoA
Library gdi32.dll:
0x47131c UnrealizeObject
0x471320 StretchBlt
0x471324 SetWindowOrgEx
0x471328 SetViewportOrgEx
0x47132c SetTextColor
0x471330 SetStretchBltMode
0x471334 SetROP2
0x471338 SetPixel
0x47133c SetDIBColorTable
0x471340 SetBrushOrgEx
0x471344 SetBkMode
0x471348 SetBkColor
0x47134c SelectPalette
0x471350 SelectObject
0x471354 SelectClipRgn
0x471358 SaveDC
0x47135c RestoreDC
0x471360 Rectangle
0x471364 RectVisible
0x471368 RealizePalette
0x47136c PatBlt
0x471370 MoveToEx
0x471374 MaskBlt
0x471378 LineTo
0x47137c IntersectClipRect
0x471380 GetWindowOrgEx
0x471384 GetTextMetricsA
0x471390 GetStockObject
0x471394 GetPixel
0x471398 GetPaletteEntries
0x47139c GetObjectA
0x4713a0 GetDeviceCaps
0x4713a4 GetDIBits
0x4713a8 GetDIBColorTable
0x4713ac GetDCOrgEx
0x4713b4 GetClipRgn
0x4713b8 GetClipBox
0x4713bc GetBrushOrgEx
0x4713c0 GetBitmapBits
0x4713c4 ExcludeClipRect
0x4713c8 DeleteObject
0x4713cc DeleteDC
0x4713d0 CreateSolidBrush
0x4713d4 CreateRectRgn
0x4713d8 CreatePenIndirect
0x4713dc CreatePen
0x4713e0 CreatePalette
0x4713e8 CreateFontIndirectA
0x4713ec CreateDIBitmap
0x4713f0 CreateDIBSection
0x4713f4 CreateCompatibleDC
0x4713fc CreateBrushIndirect
0x471400 CreateBitmap
0x471404 BitBlt
Library user32.dll:
0x47140c CreateWindowExA
0x471410 WindowFromPoint
0x471414 WinHelpA
0x471418 WaitMessage
0x47141c ValidateRect
0x471420 UpdateWindow
0x471424 UnregisterClassA
0x471428 UnhookWindowsHookEx
0x47142c TranslateMessage
0x471434 TrackPopupMenu
0x47143c ShowWindow
0x471440 ShowScrollBar
0x471444 ShowOwnedPopups
0x471448 ShowCursor
0x47144c SetWindowsHookExA
0x471450 SetWindowPos
0x471454 SetWindowPlacement
0x471458 SetWindowLongA
0x47145c SetTimer
0x471460 SetScrollRange
0x471464 SetScrollPos
0x471468 SetScrollInfo
0x47146c SetRect
0x471470 SetPropA
0x471474 SetParent
0x471478 SetMenuItemInfoA
0x47147c SetMenu
0x471480 SetForegroundWindow
0x471484 SetFocus
0x471488 SetCursor
0x47148c SetClassLongA
0x471490 SetCapture
0x471494 SetActiveWindow
0x471498 SendMessageA
0x47149c ScrollWindow
0x4714a0 ScreenToClient
0x4714a4 RemovePropA
0x4714a8 RemoveMenu
0x4714ac ReleaseDC
0x4714b0 ReleaseCapture
0x4714bc RegisterClassA
0x4714c0 RedrawWindow
0x4714c4 PtInRect
0x4714c8 PostQuitMessage
0x4714cc PostMessageA
0x4714d0 PeekMessageA
0x4714d4 OffsetRect
0x4714d8 OemToCharA
0x4714dc MessageBoxA
0x4714e0 MapWindowPoints
0x4714e4 MapVirtualKeyA
0x4714e8 LoadStringA
0x4714ec LoadKeyboardLayoutA
0x4714f0 LoadIconA
0x4714f4 LoadCursorA
0x4714f8 LoadBitmapA
0x4714fc KillTimer
0x471500 IsZoomed
0x471504 IsWindowVisible
0x471508 IsWindowEnabled
0x47150c IsWindow
0x471510 IsRectEmpty
0x471514 IsIconic
0x471518 IsDialogMessageA
0x47151c IsChild
0x471520 InvalidateRect
0x471524 IntersectRect
0x471528 InsertMenuItemA
0x47152c InsertMenuA
0x471530 InflateRect
0x471538 GetWindowTextA
0x47153c GetWindowRect
0x471540 GetWindowPlacement
0x471544 GetWindowLongA
0x471548 GetWindowDC
0x47154c GetTopWindow
0x471550 GetSystemMetrics
0x471554 GetSystemMenu
0x471558 GetSysColorBrush
0x47155c GetSysColor
0x471560 GetSubMenu
0x471564 GetScrollRange
0x471568 GetScrollPos
0x47156c GetScrollInfo
0x471570 GetPropA
0x471574 GetParent
0x471578 GetWindow
0x47157c GetMenuStringA
0x471580 GetMenuState
0x471584 GetMenuItemInfoA
0x471588 GetMenuItemID
0x47158c GetMenuItemCount
0x471590 GetMenu
0x471594 GetLastActivePopup
0x471598 GetKeyboardState
0x4715a0 GetKeyboardLayout
0x4715a4 GetKeyState
0x4715a8 GetKeyNameTextA
0x4715ac GetIconInfo
0x4715b0 GetForegroundWindow
0x4715b4 GetFocus
0x4715b8 GetDlgItem
0x4715bc GetDesktopWindow
0x4715c0 GetDCEx
0x4715c4 GetDC
0x4715c8 GetCursorPos
0x4715cc GetCursor
0x4715d0 GetClientRect
0x4715d4 GetClassNameA
0x4715d8 GetClassInfoA
0x4715dc GetCapture
0x4715e0 GetActiveWindow
0x4715e4 FrameRect
0x4715e8 FindWindowA
0x4715ec FillRect
0x4715f0 EqualRect
0x4715f4 EnumWindows
0x4715f8 EnumThreadWindows
0x4715fc EndPaint
0x471600 EndDeferWindowPos
0x471604 EnableWindow
0x471608 EnableScrollBar
0x47160c EnableMenuItem
0x471610 DrawTextA
0x471614 DrawMenuBar
0x471618 DrawIconEx
0x47161c DrawIcon
0x471620 DrawFrameControl
0x471624 DrawFocusRect
0x471628 DrawEdge
0x47162c DispatchMessageA
0x471630 DestroyWindow
0x471634 DestroyMenu
0x471638 DestroyIcon
0x47163c DestroyCursor
0x471640 DeleteMenu
0x471644 DeferWindowPos
0x471648 DefWindowProcA
0x47164c DefMDIChildProcA
0x471650 DefFrameProcA
0x471654 CreatePopupMenu
0x471658 CreateMenu
0x47165c CreateIcon
0x471660 ClientToScreen
0x471664 CheckMenuItem
0x471668 CallWindowProcA
0x47166c CallNextHookEx
0x471670 BeginPaint
0x471674 BeginDeferWindowPos
0x471678 CharNextA
0x47167c CharLowerA
0x471680 CharToOemA
0x471684 AdjustWindowRectEx
Library kernel32.dll:
0x471690 Sleep
Library oleaut32.dll:
0x471698 SafeArrayPtrOfIndex
0x47169c SafeArrayGetUBound
0x4716a0 SafeArrayGetLBound
0x4716a4 SafeArrayCreate
0x4716a8 VariantChangeType
0x4716ac VariantCopy
0x4716b0 VariantClear
0x4716b4 VariantInit
Library comctl32.dll:
0x4716c4 ImageList_Write
0x4716c8 ImageList_Read
0x4716d8 ImageList_DragMove
0x4716dc ImageList_DragLeave
0x4716e0 ImageList_DragEnter
0x4716e4 ImageList_EndDrag
0x4716e8 ImageList_BeginDrag
0x4716ec ImageList_Remove
0x4716f0 ImageList_DrawEx
0x4716f4 ImageList_Draw
0x471704 ImageList_Add
0x47170c ImageList_Destroy
0x471710 ImageList_Create
0x471714 InitCommonControls
Library comdlg32.dll:
0x47171c GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 55369 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 63432 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers (despite the extracted-buffer indicator in the dynamic section, the report includes none).